Icewarp

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-14064 1Icewarp 1Mail Server Nov 21, 2024 Jul 15, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
CVE-2020-8512 1Icewarp 1Icewarp Server Nov 21, 2024 Feb 1, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
CVE-2019-19265 1Icewarp 1Mail Server Nov 21, 2024 Jan 6, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
CVE-2019-19266 1Icewarp 1Mail Server Nov 21, 2024 Jan 6, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
CVE-2010-5340 1Icewarp 1Webclient Nov 21, 2024 Oct 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
CVE-2010-5339 1Icewarp 1Webclient Nov 21, 2024 Oct 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5338 1Icewarp 1Webclient Nov 21, 2024 Oct 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5337 1Icewarp 1Webclient Nov 21, 2024 Oct 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5336 1Icewarp 1Webclient Nov 21, 2024 Oct 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
CVE-2010-5335 1Icewarp 1Webclient Nov 21, 2024 Oct 11, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/...Show more IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.Show less
CVE-2010-5334 1Icewarp 1Webclient Nov 21, 2024 Oct 11, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/inde...Show more IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.Show less
CVE-2019-12593 1Icewarp 1Mail Server Nov 21, 2024 Jun 3, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
CVE-2018-16324 1Icewarp 1Mail Server Nov 21, 2024 Sep 1, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
CVE-2018-7475 1Icewarp 1Mail Server Nov 21, 2024 Jun 30, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML.
CVE-2015-1503 1Icewarp 1Mail Server Nov 21, 2024 May 8, 2018 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php pa...Show more Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.Show less
CVE-2017-7855 1Icewarp 1Server May 13, 2026 Aug 31, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter.
CVE-2017-12844 1Icewarp 1Mail Server May 13, 2026 Aug 23, 2017 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name.
CVE-2011-3580 1Icewarp 1Mail Server Apr 29, 2026 Sep 30, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function.
CVE-2011-3579 1Icewarp 1Mail Server Apr 29, 2026 Sep 30, 2011 N/A· v4 N/A· v3 6.4 MEDIUM· v2 server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory...Show more server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.Show less
CVE-2009-1469 1Icewarp 2Email Server Webmail Server Apr 23, 2026 May 5, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing creden...Show more CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message.Show less

Previous 123 4 Next